IPCop not detecting firewall hits

8321

I usually have 400 to 500 firewall hits per day in my IPCop firewall log. All day today, not a single one (yesterday 40-odd).

Are they being blocked up the line - I am using iBurst? Or has IPCop gone to sleep? It is the first time this has ever happened.
 
Hey 8321,

You can add a rule to the bottom of the chain to jump to chain LOG. Chain LOG is the only chain that doesn't stop processing of rules in iptables (used by IPCop).

Normally firewalls look like this:

input chain:

bla
bla
bla
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP

So you can insert your own logging rule and see what happens :) That way you will know what is where. chain LOG can be on any iptables chain :)

Laterz !

 
8321 said:
I usually have 400 to 500 firewall hits per day in my IPCop firewall log. All day today, not a single one (yesterday 40-odd).

Are they being blocked up the line - I am using iBurst? Or has IPCop gone to sleep? It is the first time this has ever happened.

Not being funny or anything, but are you sure your RED interface was active the whole time? Maybe the internet link went down, hence the low hit rate. Just a thought.
 
I did the old Bill Gates thingy ..when in doubt, reboot.. and logging is back on. (I hate having to do it with Linux.)

I checked system status page and logging server is now green. Don't know what it was before. I suspect that somehow the logging server got disabled.

Thanks for the suggestions, everyone.
 
Not the first time I've seen a daemon going to sleep when it's not supposed to... anyway, glad to see your issue has been resolved.

Should this happen on a more frequent basis, then the reason as to why this happens must be investigated, as this can be somebody trying to hide something... or it can be something else, like problematic hardware or the such.
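
The drop from 400 to 500 hits a day to 40-odd and then none is something a small script can watch for, so a silent logging daemon is noticed without anyone reading the log by eye. This is an added example, not code from the thread or from IPCop; the syslog line layout, the host name `ipcop`, the year and the 25% threshold are assumptions, and the log lines are constructed.

```python
import re
from collections import Counter
from datetime import date, datetime, timedelta
from statistics import median

# Assumed syslog layout: "Mon DD HH:MM:SS host kernel: <prefix> IN=... SRC=... DST=...".
# IN=/SRC=/DST= are the fields the netfilter LOG target writes; the rest is an assumption.
HIT = re.compile(r"^(\w{3}\s+\d+) [\d:]{8} \S+ kernel: .*\bIN=\S* .*\bSRC=\S+ DST=\S+")

def daily_hits(lines, year):
    """Count firewall LOG lines per calendar day (syslog omits the year)."""
    counts = Counter()
    for line in lines:
        m = HIT.match(line)
        if m:
            counts[datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d").date()] += 1
    return counts

def quiet_days(counts, first, last, ratio=0.25):
    """Days in [first, last] with fewer hits than ratio * median daily count.

    Every calendar day is enumerated, because a day on which logging was
    dead leaves no lines at all and would otherwise never show up.
    """
    days = [first + timedelta(days=n) for n in range((last - first).days + 1)]
    baseline = median(counts[d] for d in days)
    return [(d, counts[d]) for d in days if counts[d] < ratio * baseline]

def constructed_sample():
    """Constructed log: four normal days, then 40 hits, then none."""
    lines = ["Dec 10 00:00:01 ipcop syslogd: restart"]  # not a firewall hit, ignored
    for dom, n in {10: 450, 11: 480, 12: 420, 13: 500, 14: 40, 15: 0}.items():
        for i in range(n):
            lines.append(
                f"Dec {dom} {i % 24:02d}:{i % 60:02d}:00 ipcop kernel: INPUT IN=ppp0 OUT= "
                f"SRC=198.51.100.{i % 250 + 1} DST=192.0.2.1 PROTO=TCP SPT=40000 DPT=23"
            )
    return lines

if __name__ == "__main__":
    counts = daily_hits(constructed_sample(), 2024)
    for day, n in quiet_days(counts, date(2024, 12, 10), date(2024, 12, 15)):
        print(f"{day}: {n} hits, well below the usual rate - check the logging daemon")
```

A flagged day only says the log went quiet; whether the cause was the link, the logging daemon or something else still has to be checked on the box.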
 